{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2019-11476","assignerOrgId":"cc1ad9ee-3454-478d-9317-d3e869d708bc","assignerShortName":"canonical","dateUpdated":"2024-09-16T19:15:47.644Z","dateReserved":"2019-04-23T00:00:00.000Z","datePublished":"2019-08-29T14:38:46.242Z"},"containers":{"cna":{"title":"Integer overflow in whoopsie results in out-of-bounds heap write","datePublic":"2019-07-09T00:00:00.000Z","providerMetadata":{"orgId":"cc1ad9ee-3454-478d-9317-d3e869d708bc","shortName":"canonical","dateUpdated":"2023-06-12T00:00:00.000Z"},"descriptions":[{"lang":"en","value":"An integer overflow in whoopsie before versions 0.2.52.5ubuntu0.1, 0.2.62ubuntu0.1, 0.2.64ubuntu0.1, 0.2.66, results in an out-of-bounds write to a heap allocated buffer when processing large crash dumps. This results in a crash or possible code-execution in the context of the whoopsie process."}],"affected":[{"vendor":"Ubuntu","product":"Whoopsie","versions":[{"version":"before 0.2.52.5ubuntu0.1","status":"affected"},{"version":"before 0.2.62ubuntu0.1","status":"affected"},{"version":"before 0.2.64ubuntu0.1","status":"affected"},{"version":"before 0.2.66","status":"affected"}]}],"references":[{"url":"https://usn.ubuntu.com/4052-1/"},{"url":"https://bugs.launchpad.net/ubuntu/%2Bsource/whoopsie/%2Bbug/1830863"},{"url":"http://packetstormsecurity.com/files/172858/Ubuntu-Apport-Whoopsie-DoS-Integer-Overflow.html"}],"credits":[{"lang":"en","value":"Kevin Backhouse of Semmle Security Research Team"}],"metrics":[{"cvssV3_0":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":6.5,"baseSeverity":"MEDIUM"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-190 Integer Overflow or Wraparound","cweId":"CWE-190"}]}],"x_generator":{"engine":"Vulnogram 0.0.7"},"source":{"advisory":"https://usn.ubuntu.com/usn/usn-4052-1","defect":["https://bugs.launchpad.net/ubuntu/+source/whoopsie/+bug/1830863"],"discovery":"EXTERNAL"}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-04T22:55:40.210Z"},"title":"CVE Program Container","references":[{"url":"https://usn.ubuntu.com/4052-1/","tags":["x_transferred"]},{"url":"https://bugs.launchpad.net/ubuntu/%2Bsource/whoopsie/%2Bbug/1830863","tags":["x_transferred"]},{"url":"http://packetstormsecurity.com/files/172858/Ubuntu-Apport-Whoopsie-DoS-Integer-Overflow.html","tags":["x_transferred"]}]}]}}